Get in touch with us today! Call us toll-free at 1.866.754.4111 or email us at [email protected] Close button
Web Design Kitchener Waterloo Guelph Cambridge AODA Development
This is a headshot of Brad Anderson.


There's a common but potentially devastating cyber security misconception among small businesses. This is the small fish in a big pond argument that a small business is just one target out of millions of businesses. This implies that they benefit from a safety in numbers, especially when there are much bigger and more tempting businesses for hackers to target.


However, this argument doesn't hold up because small businesses don't have the security resources of large businesses. This makes them much easier and more attractive to hack. Hackers also use software to locate targets according to varying criteria, many of which have to do with security vulnerabilities. If a target looks promising, hacking attempts will be made, regardless of business size. And it only takes a few months, at the most, for the software used by hackers to find a website. The huge numbers of hackers and their sophisticated technology means there's no safety in numbers.


Another fact to consider is that at least one type of hacking, called brute force, is easy to do and requires little more than an ability to follow instructions. You need only download a free network cracking tool such as Hydra and some quality word lists, and you're set to go. Brute force hacking is considered a script kiddie method. This low barrier to entry is a big reason for the proliferation of hackers.


When you successfully hack a business site and obtain data, converting it into cash is also convenient because of the many data black markets where you can find others who will buy what you have. Many data black markets operate in a similar way to eBay.


How Brute Force Hacking Works


Brute force software essentially tries to guess passwords at a login page by using all possible combinations of characters until one combination works. This can take a very long time for lengthy passwords and isn't practical. However, for short passwords of a few characters it's very feasible. The advantage of this method is that, with sufficient guessing, it always works.


However, many hackers only use this method as a last resort after word list or dictionary attacks have failed. A word list (or dictionary) attack tries commonly used passwords (such as 1234, qwerty, etc.) as well as common words and names people place in their passwords. This modified brute force method cracks passwords quickly, provided they are common or are built up from words. Commonly used number prefixes and suffixes may also be appended to word based guesses, since people often do this when making up a password, such as 123mypassword.



Protecting Your Business From Brute Force Hacking Methods


What the above clearly reveals is that long and random passwords are unhackable because they would take too long to break. Extremely long passwords might require hundreds of years. In addition, your login page should lock out users for a few hours after a certain number of failed login attempts.


An easy way to generate long memorable passwords is to use the first letter of each word of a long sentence. Choose a sentence that only has meaning to you. Include numbers in your sentence such as "2 people 8 3 slices of bread," where 8 means "ate". Special characters can be used as word substitutes (@ means "at," # means "number," etc). Your password should be at least 12 to 14 characters long, but longer if possible. If you have any comments or questions, don't hesitate to contact us.

Subscribe to this Blog Like on Facebook Tweet this! Share on LinkedIn


Rob Matlow
June 6, 2024
Show Rob's Posts
Jackie Graves
June 6, 2024
Show Jackie's Posts
Sanj Rajput
May 23, 2024
Show Sanj's Posts
Melissa Yates
February 27, 2024
Show Melissa's Posts
Amanda Turner
February 20, 2024
Show Amanda's Posts
Alina Litvinenko
February 6, 2024
Show Alina's Posts
Tabitha Doyle
January 30, 2024
Show Tabitha's Posts
Christine Votruba
August 29, 2023
Show Christine's Posts
Sean Sanderson
December 19, 2022
Show Sean's Posts
Haley Burton
December 7, 2021
Show Haley's Posts
Generic Administrator
December 3, 2021
Show Generic's Posts
Colleen Legge
November 26, 2021
Show Colleen's Posts
Sean McParland
August 20, 2021
Show Sean's Posts
Matt Stern
July 16, 2019
Show Matt's Posts
Sean Legge
June 28, 2019
Show Sean's Posts
Todd Hannigan
November 13, 2018
Show Todd's Posts